Updating the nvidia driver for Fedora Core5

[Matt Domsch]

On Mon, Apr 17, 2006 at 01:24:08PM +0100, Paul Howarth wrote:
> > > [ -x /sbin/restorecon ] && /sbin/restorecon /path/to/installed/module
> > 
> > Agreed.  Until DKMS includes this, individual modules can use a
> > POST_INSTALL script to do the same, yes?
> 
> Yes, that should work - as long as the distro sets the right context
> when this happens. If not, semanage might have to be used to set the
> correct default context, and that could be a distribution-specific
> value. That's why it's important to get the right context included in
> the policy for the distro itself.


Agreed again.  kernel modules should not have to know anything about
selinux policy, and really should not have their own policy files to
install via semanage.  It hasn't been a problem on FC5 yet.

The files and dirs in /lib/modules/ appear to have context:
 system_u:object_r:modules_object_t

However, as I'm running Vmware Player on an FC5 system, I see it's
creating its modules with the following context:

./misc:
lrwxrwxrwx  root     root     user_u:object_r:modules_object_t vmmon.ko
-rw-r--r--  root     root     user_u:object_r:modules_object_t vmmon.o
lrwxrwxrwx  root     root     user_u:object_r:modules_object_t vmnet.ko
-rw-r--r--  root     root     user_u:object_r:modules_object_t vmnet.o

and repeated runnings of restorecon keep that value, so I trust it's
what the policy calls for.

So I hacked up a kernel module test package to try out DKMS.  Even
without the restorecon call, it put dell_rbu.ko in the right place
with the user_u context: 

-rw-r--r--  root     root     user_u:object_r:modules_object_t dell_rbu.ko

and again, calling restorecon does nothing.

So, is the call to restorecon actually needed?  I guess it can't
hurt...

Thanks,
Matt

-- 
Matt Domsch
Software Architect
Dell Linux Solutions linux.dell.com & www.dell.com/linux
Linux on Dell mailing lists @ http://lists.us.dell.com